aboutsummaryrefslogtreecommitdiffstats
path: root/include/attach.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/attach.php')
-rw-r--r--include/attach.php495
1 files changed, 450 insertions, 45 deletions
diff --git a/include/attach.php b/include/attach.php
index 64d6a1689..a3ee3f0ef 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1,7 +1,8 @@
<?php
-/*
- * File/attach API with the potential for revision control.
+/** @file
+ *
+ * @brief File/attach API with the potential for revision control.
*
* TODO: a filesystem storage abstraction which maintains security (and 'data' contains a system filename
* which is inaccessible from the web). This could get around PHP storage limits and store videos and larger
@@ -10,7 +11,17 @@
*/
require_once('include/permissions.php');
-
+require_once('include/security.php');
+
+/**
+ * @brief Guess the mimetype from file ending.
+ *
+ * This function takes a file name and guess the mimetype from the
+ * filename extension.
+ *
+ * @param $filename a string filename
+ * @return string The mimetype according to a file ending.
+ */
function z_mime_content_type($filename) {
$mime_types = array(
@@ -25,6 +36,7 @@ function z_mime_content_type($filename) {
'xml' => 'application/xml',
'swf' => 'application/x-shockwave-flash',
'flv' => 'video/x-flv',
+ 'epub' => 'application/epub+zip',
// images
'png' => 'image/png',
@@ -79,20 +91,26 @@ function z_mime_content_type($filename) {
return $mime_types[$ext];
}
}
-// can't use this because we're just passing a name, e.g. not a file that can be opened
-// elseif (function_exists('finfo_open')) {
-// $finfo = @finfo_open(FILEINFO_MIME);
-// $mimetype = @finfo_file($finfo, $filename);
-// @finfo_close($finfo);
-// return $mimetype;
-// }
- else {
- return 'application/octet-stream';
- }
-}
+ return 'application/octet-stream';
+
+}
+/**
+ * @brief Count files/attachments.
+ *
+ *
+ * @param $channel_id
+ * @param $observer
+ * @param $hash (optional)
+ * @param $filename (optional)
+ * @param $filetype (optional)
+ * @return array
+ * $ret['success'] boolean
+ * $ret['results'] amount of found results, or false
+ * $ret['message'] string with error messages if any
+ */
function attach_count_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '') {
$ret = array('success' => false);
@@ -124,6 +142,22 @@ function attach_count_files($channel_id, $observer, $hash = '', $filename = '',
}
+/**
+ * @brief Returns a list of files/attachments.
+ *
+ * @param $channel_id
+ * @param $observer
+ * @param $hash (optional)
+ * @param $filename (optional)
+ * @param $filetype (optional)
+ * @param $orderby
+ * @param $start
+ * @param $entries
+ * @return array
+ * $ret['success'] boolean
+ * $ret['results'] array with results, or false
+ * $ret['message'] string with error messages if any
+ */
function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0) {
$ret = array('success' => false);
@@ -160,10 +194,17 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
}
-// Find an attachment by hash and revision. Returns the entire attach structure including data.
-// This could exhaust memory so most useful only when immediately sending the data.
-
-function attach_by_hash($hash,$rev = 0) {
+/**
+ * @brief Find an attachment by hash and revision.
+ *
+ * Returns the entire attach structure including data.
+ *
+ * This could exhaust memory so most useful only when immediately sending the data.
+ *
+ * @param $hash
+ * @param $rev
+ */
+function attach_by_hash($hash, $rev = 0) {
$ret = array('success' => false);
@@ -184,7 +225,7 @@ function attach_by_hash($hash,$rev = 0) {
return $ret;
}
- if(! perm_is_allowed($r[0]['uid'],get_observer_hash(),'view_storage')) {
+ if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
@@ -193,14 +234,13 @@ function attach_by_hash($hash,$rev = 0) {
// Now we'll see if we can access the attachment
-
$r = q("SELECT * FROM attach WHERE hash = '%s' and uid = %d $sql_extra LIMIT 1",
dbesc($hash),
intval($r[0]['uid'])
);
if(! $r) {
- $ret['message'] = t('Permission denied.');
+ $ret['message'] = t('Permission denied.');
return $ret;
}
@@ -210,9 +250,16 @@ function attach_by_hash($hash,$rev = 0) {
}
-
-
-function attach_by_hash_nodata($hash,$rev = 0) {
+/**
+ * @brief Find an attachment by hash and revision.
+ *
+ * Returns the entire attach structure excluding data.
+ *
+ * @see attach_by_hash()
+ * @param $hash
+ * @param $ref
+ */
+function attach_by_hash_nodata($hash, $rev = 0) {
$ret = array('success' => false);
@@ -241,13 +288,13 @@ function attach_by_hash_nodata($hash,$rev = 0) {
// Now we'll see if we can access the attachment
- $r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_extra limit 1",
+ $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_extra limit 1",
intval($r[0]['uid']),
dbesc($hash)
);
if(! $r) {
- $ret['message'] = t('Permission denied.');
+ $ret['message'] = t('Permission denied.');
return $ret;
}
@@ -257,17 +304,21 @@ function attach_by_hash_nodata($hash,$rev = 0) {
}
-
-
-
-function attach_store($channel,$observer_hash,$options = '',$arr = null) {
-
+/**
+ * @brief
+ *
+ * @param $channel channel array of owner
+ * @param $observer_hash hash of current observer
+ * @param $options (optional)
+ * @param $arr (optional)
+ */
+function attach_store($channel, $observer_hash, $options = '', $arr = null) {
$ret = array('success' => false);
$channel_id = $channel['channel_id'];
$sql_options = '';
- if(! perm_is_allowed($channel_id,get_observer_hash(),'write_storage')) {
+ if(! perm_is_allowed($channel_id,get_observer_hash(), 'write_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
@@ -311,7 +362,7 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
if($options === 'update' && $arr && array_key_exists('revision',$arr))
$sql_options = " and revision = " . intval($arr['revision']) . " ";
- $x =q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d $sql_options limit 1",
+ $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d $sql_options limit 1",
dbesc($arr['hash']),
intval($channel_id)
);
@@ -332,13 +383,14 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
return $ret;
}
- $limit = service_class_fetch($channel_id,'attach_upload_limit');
+ $limit = service_class_fetch($channel_id, 'attach_upload_limit');
+
if($limit !== false) {
- $r = q("select sum(filesize) as total from attach where uid = %d ",
- intval($channel_id)
+ $r = q("select sum(filesize) as total from attach where aid = %d ",
+ intval($channel['channel_account_id'])
);
if(($r) && (($r[0]['total'] + $filesize) > ($limit - $existing_size))) {
- $ret['message'] = upgrade_message(true);
+ $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1$.0f Mbytes attachment storage."), $limit / 1024000);
@unlink($src);
return $ret;
}
@@ -362,11 +414,12 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
);
}
elseif($options === 'revise') {
- $r = q("insert into attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
- VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+ $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
+ VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($x[0]['aid']),
intval($channel_id),
dbesc($x[0]['hash']),
+ dbesc(get_observer_hash()),
dbesc($filename),
dbesc($mimetype),
intval($filesize),
@@ -380,7 +433,6 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
dbesc($x[0]['deny_gid'])
);
}
-
elseif($options === 'update') {
$r = q("update attach set filename = '%s', filetype = '%s', edited = '%s',
allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where id = %d and uid = %d limit 1",
@@ -395,13 +447,13 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
intval($x[0]['uid'])
);
}
-
else {
- $r = q("INSERT INTO attach ( aid, uid, hash, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )
- VALUES ( %d, %d, '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+ $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )
+ VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($channel_id),
dbesc($hash),
+ dbesc(get_observer_hash()),
dbesc($filename),
dbesc($mimetype),
intval($filesize),
@@ -426,7 +478,7 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
// Caution: This re-uses $sql_options set further above
- $r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1",
+ $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1",
intval($channel_id),
dbesc($hash)
);
@@ -439,4 +491,357 @@ function attach_store($channel,$observer_hash,$options = '',$arr = null) {
$ret['success'] = true;
$ret['data'] = $r[0];
return $ret;
-} \ No newline at end of file
+}
+
+/**
+ * Read a virtual directory and return contents, checking permissions of all parent components.
+ * @function z_readdir
+ * @param integer $channel_id
+ * @param string $observer_hash hash of current observer
+ * @param string $pathname
+ * @param string $parent_hash (optional)
+ *
+ * @returns array $ret
+ * $ret['success'] = boolean true or false
+ * $ret['message'] = error message if success is false
+ * $ret['data'] = array of attach DB entries without data component
+ */
+function z_readdir($channel_id, $observer_hash, $pathname, $parent_hash = '') {
+
+ $ret = array('success' => false);
+ if(! perm_is_allowed($r[0]['uid'], get_observer_hash(), 'view_storage')) {
+ $ret['message'] = t('Permission denied.');
+ return $ret;
+ }
+
+ if(strpos($pathname, '/')) {
+ $paths = explode('/', $pathname);
+ if(count($paths) > 1) {
+ $curpath = array_shift($paths);
+
+ $r = q("select hash, id from attach where uid = %d and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id) . " limit 1",
+ intval($channel_id),
+ dbesc($curpath),
+ intval(ATTACH_FLAG_DIR)
+ );
+ if(! $r) {
+ $ret['message'] = t('Path not available.');
+ return $ret;
+ }
+
+ return z_readdir($channel_id, $observer_hash, implode('/', $paths), $r[0]['hash']);
+ }
+ }
+ else
+ $paths = array($pathname);
+
+ $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and folder = '%s' and filename = '%s' and (flags & %d ) " . permissions_sql($channel_id),
+ intval($channel_id),
+ dbesc($parent_hash),
+ dbesc($paths[0]),
+ intval(ATTACH_FLAG_DIR)
+ );
+ if(! $r) {
+ $ret['message'] = t('Path not available.');
+ return $ret;
+ }
+ $ret['success'] = true;
+ $ret['data'] = $r;
+ return $ret;
+}
+
+/**
+ * @function attach_mkdir($channel,$observer_hash,$arr);
+ *
+ * @brief Create directory.
+ *
+ * @param $channel channel array of owner
+ * @param $observer_hash hash of current observer
+ * @param $arr parameter array to fulfil request
+ * Required:
+ * $arr['filename']
+ * $arr['folder'] // hash of parent directory, empty string for root directory
+ * Optional:
+ * $arr['hash'] // precumputed hash for this node
+ * $arr['allow_cid']
+ * $arr['allow_gid']
+ * $arr['deny_cid']
+ * $arr['deny_gid']
+ */
+function attach_mkdir($channel, $observer_hash, $arr = null) {
+
+ $ret = array('success' => false);
+ $channel_id = $channel['channel_id'];
+ $sql_options = '';
+
+ $basepath = 'store/' . $channel['channel_address'];
+
+ logger('attach_mkdir: basepath: ' . $basepath);
+
+ if(! is_dir($basepath))
+ mkdir($basepath,STORAGE_DEFAULT_PERMISSIONS, true);
+
+ if(! perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
+ $ret['message'] = t('Permission denied.');
+ return $ret;
+ }
+
+ if(! $arr['filename']) {
+ $ret['message'] = t('Empty pathname');
+ return $ret;
+ }
+
+ $arr['hash'] = (($arr['hash']) ? $arr['hash'] : random_string());
+
+ // Check for duplicate name.
+ // Check both the filename and the hash as we will be making use of both.
+
+ $r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1",
+ dbesc($arr['filename']),
+ dbesc($arr['hash']),
+ dbesc($arr['folder']),
+ intval($channel['channel_id'])
+ );
+ if($r) {
+ $ret['message'] = t('duplicate filename or path');
+ return $ret;
+ }
+
+ if($arr['folder']) {
+
+ // Walk the directory tree from parent back to root to make sure the parent is valid and name is unique and we
+ // have permission to see this path. This implies the root directory itself is public since we won't have permissions
+ // set on the psuedo-directory. We can however set permissions for anything and everything contained within it.
+
+ $lpath = '';
+ $lfile = $arr['folder'];
+ $sql_options = permissions_sql($channel['channel_id']);
+
+ do {
+ $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )
+ $sql_options limit 1",
+ intval($channel['channel_id']),
+ dbesc($lfile),
+ intval(ATTACH_FLAG_DIR)
+ );
+
+ if(! $r) {
+ logger('attach_mkdir: hash ' . $lfile . ' not found in ' . $lpath);
+ $ret['message'] = t('Path not found.');
+ return $ret;
+ }
+ if($lfile)
+ $lpath = $r[0]['hash'] . '/' . $lpath;
+ $lfile = $r[0]['folder'];
+ } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ;
+ $path = $basepath . '/' . $lpath;
+ }
+ else
+ $path = $basepath . '/';
+
+ $path .= $arr['hash'];
+
+ $created = datetime_convert();
+
+ $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
+ VALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+ intval($channel['channel_account_id']),
+ intval($channel_id),
+ dbesc($arr['hash']),
+ dbesc(get_observer_hash()),
+ dbesc($arr['filename']),
+ dbesc('multipart/mixed'),
+ intval(0),
+ intval(0),
+ dbesc($arr['folder']),
+ intval(ATTACH_FLAG_DIR|ATTACH_FLAG_OS),
+ dbesc($path),
+ dbesc($created),
+ dbesc($created),
+ dbesc(($arr && array_key_exists('allow_cid',$arr)) ? $arr['allow_cid'] : $channel['channel_allow_cid']),
+ dbesc(($arr && array_key_exists('allow_gid',$arr)) ? $arr['allow_gid'] : $channel['channel_allow_gid']),
+ dbesc(($arr && array_key_exists('deny_cid',$arr)) ? $arr['deny_cid'] : $channel['channel_deny_cid']),
+ dbesc(($arr && array_key_exists('deny_gid',$arr)) ? $arr['deny_gid'] : $channel['channel_deny_gid'])
+ );
+
+ if($r) {
+ if(mkdir($path,STORAGE_DEFAULT_PERMISSIONS, true)) {
+ $ret['success'] = true;
+ $ret['data'] = $arr;
+ }
+ else {
+ logger('attach_mkdir: ' . mkdir . ' ' . $path . 'failed.');
+ $ret['message'] = t('mkdir failed.');
+ }
+ }
+ else
+ $ret['message'] = t('database storage failed.');
+
+ return $ret;
+
+}
+
+/**
+ * @brief Changes permissions of a file.
+ *
+ * @param $channel_id
+ * @param $resource
+ * @param $allow_cid
+ * @param $allow_gid
+ * @param $deny_cid
+ * @param $deny_gid
+ * @param $recurse
+ */
+function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse = false) {
+
+ $r = q("select hash, flags from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($resource),
+ intval($channel_id)
+ );
+
+ if(! $r)
+ return;
+
+ if($r[0]['flags'] & ATTACH_FLAG_DIR) {
+ if($recurse) {
+ $r = q("select hash, flags from attach where folder = '%s' and uid = %d",
+ dbesc($resource),
+ intval($channel_id)
+ );
+ if($r) {
+ foreach($r as $rr) {
+ attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse);
+ }
+ }
+ }
+ }
+
+ $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d limit 1",
+ dbesc($allow_cid),
+ dbesc($allow_gid),
+ dbesc($deny_cid),
+ dbesc($deny_gid),
+ dbesc($resource),
+ intval($channel_id)
+ );
+
+ return;
+}
+
+/**
+ * @brief Delete a file.
+ *
+ * @param $channel_id
+ * @param $resource
+ */
+function attach_delete($channel_id, $resource) {
+
+
+ $c = q("select channel_address from channel where channel_id = %d limit 1",
+ intval($channel_id)
+ );
+
+ $channel_address = (($c) ? $c[0]['channel_address'] : 'notfound');
+
+ $r = q("select hash, flags from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($resource),
+ intval($channel_id)
+ );
+
+
+ if(! $r)
+ return;
+
+ if($r[0]['flags'] & ATTACH_FLAG_DIR) {
+ $x = q("select hash, flags from attach where folder = '%s' and uid = %d",
+ dbesc($resource),
+ intval($channel_id)
+ );
+ if($x) {
+ foreach($x as $xx) {
+ attach_delete($channel_id, $xx['hash']);
+ }
+ }
+ }
+ if($r[0]['flags'] & ATTACH_FLAG_OS) {
+ $y = q("select data from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($resource),
+ intval($channel_id)
+ );
+
+ if($y) {
+ $f = 'store/' . $channel_address . '/' . $y[0]['data'];
+ if(is_dir($f))
+ @rmdir($f);
+ elseif(file_exists($f))
+ unlink($f);
+ }
+ }
+
+ $z = q("delete from attach where hash = '%s' and uid = %d limit 1",
+ dbesc($resource),
+ intval($channel_id)
+ );
+
+ return;
+}
+
+/**
+ * @brief Returns path to file in cloud/.
+ *
+ * @param $arr
+ * @return string with the path the file to cloud/
+ */
+function get_cloudpath($arr) {
+
+ $basepath = 'cloud/';
+ if($arr['uid']) {
+ $r = q("select channel_address from channel where channel_id = %d limit 1",
+ intval($arr['uid'])
+ );
+ if($r)
+ $basepath .= $r[0]['channel_address'] . '/';
+ }
+
+ $path = $basepath;
+
+ if($arr['folder']) {
+
+ $lpath = '';
+ $lfile = $arr['folder'];
+
+ do {
+ $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d )
+ limit 1",
+ intval($arr['uid']),
+ dbesc($lfile),
+ intval(ATTACH_FLAG_DIR)
+ );
+
+ if(! $r)
+ break;
+
+ if($lfile)
+ $lpath = $r[0]['filename'] . '/' . $lpath;
+ $lfile = $r[0]['folder'];
+
+ } while ( ($r[0]['folder']) && ($r[0]['flags'] & ATTACH_FLAG_DIR)) ;
+
+ $path .= $lpath;
+ }
+
+ $path .= $arr['filename'];
+ return $path;
+}
+
+/**
+ *
+ * @param $in
+ * @param $out
+ */
+function pipe_streams($in, $out) {
+ $size = 0;
+ while (!feof($in))
+ $size += fwrite($out, fread($in,8192));
+ return $size;
+}